<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<!-- Begin Header -->
<title>Gitblit</title>
<meta charset="utf-8">
<meta name="ROBOTS" content="INDEX">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
		
<link rel="stylesheet" href="./bootstrap/css/bootstrap.css">
<link rel='shortcut icon' type='image/png' href='./gitblt-favicon.png' />
<link rel="stylesheet" href="./prettify/prettify.css" />
<script src="./prettify/prettify.js"></script>
<script src="./bootstrap/js/jquery.js"></script>
<script src="./bootstrap/js/bootstrap.min.js"></script>
</head>
<body onload='prettyPrint()'>		<!-- Navigation Bar -->
		<div class="navbar navbar-fixed-top">
			<div class="navbar-inner">
				<div class="container">
          			<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
            			<span class="icon-bar"></span>
            			<span class="icon-bar"></span>
            			<span class="icon-bar"></span>
          			</a>
          			<a class="brand" href="./"><img src="./gitblt_25_white.png" alt="Gitblit"></img></a>
					<div class="nav-collapse">
						<ul class="nav">
							<li class='dropdown'> <!-- Menu -->
<a class='dropdown-toggle' href='#' data-toggle='dropdown'>about<b class='caret'></b></a>
<ul class='dropdown-menu'>
<li><a href='index.html'>overview</a></li>
<li><a href='features.html'>features</a></li>
</ul></li> <!-- End Menu -->
<li class='dropdown'> <!-- Menu -->
<a class='dropdown-toggle' href='#' data-toggle='dropdown'>documentation<b class='caret'></b></a>
<ul class='dropdown-menu'>
<li class='dropdown-submenu'> <!-- Submenu -->
<a tabindex='-1' href='#'>Gitblit GO</a>
<ul class='dropdown-menu'>
<li><a href='setup_go.html'>setup GO</a></li>
<li><a href='upgrade_go.html'>upgrade GO</a></li>
</ul></li> <!-- End Submenu -->
<li class='divider'></li>
<li class='dropdown-submenu'> <!-- Submenu -->
<a tabindex='-1' href='#'>Gitblit WAR</a>
<ul class='dropdown-menu'>
<li><a href='setup_war.html'>setup WAR</a></li>
<li><a href='upgrade_war.html'>upgrade WAR</a></li>
</ul></li> <!-- End Submenu -->
<li class='divider'></li>
<li class='dropdown-submenu'> <!-- Submenu -->
<a tabindex='-1' href='#'>Server Configuration</a>
<ul class='dropdown-menu'>
<li><a href='administration.html'>administration</a></li>
<li><a href='setup_authentication.html'>authentication</a></li>
<li><a href='setup_hooks.html'>push hooks</a></li>
<li><a href='setup_lucene.html'>lucene indexing</a></li>
<li><a href='setup_proxy.html'>reverse proxies</a></li>
<li><a href='setup_clientmenus.html'>client app menus</a></li>
<li><a href='setup_bugtraq.html'>bugtraq</a></li>
<li><a href='setup_mirrors.html'>mirrors</a></li>
<li><a href='setup_scaling.html'>scaling</a></li>
<li class='divider'></li>
<li><a href='setup_viewer.html'>Gitblit as a viewer</a></li>
</ul></li> <!-- End Submenu -->
<li class='divider'></li>
<li class='dropdown-submenu'> <!-- Submenu -->
<a tabindex='-1' href='#'>Client Usage</a>
<ul class='dropdown-menu'>
<li><a href='setup_transport_http.html'>using HTTP/HTTPS</a></li>
<li><a href='setup_transport_ssh.html'>using SSH</a></li>
<li><a href='eclipse_plugin.html'>using the Eclipse plugin</a></li>
</ul></li> <!-- End Submenu -->
<li class='divider'></li>
<li class='dropdown-submenu'> <!-- Submenu -->
<a tabindex='-1' href='#'>Tickets</a>
<ul class='dropdown-menu'>
<li><a href='tickets_overview.html'>overview</a></li>
<li><a href='tickets_using.html'>using</a></li>
<li><a href='tickets_barnum.html'>barnum</a></li>
<li><a href='tickets_setup.html'>setup</a></li>
<li><a href='tickets_replication.html'>replication & advanced administration</a></li>
</ul></li> <!-- End Submenu -->
<li class='divider'></li>
<li class='dropdown-submenu'> <!-- Submenu -->
<a tabindex='-1' href='#'>Plugins</a>
<ul class='dropdown-menu'>
<li><a href='plugins_overview.html'>overview</a></li>
<li><a href='plugins_extensions.html'>extension points</a></li>
</ul></li> <!-- End Submenu -->
<li class='divider'></li>
<li><a href='federation.html'>federation</a></li>
<li class='divider'></li>
<li><a href='properties.html'>settings</a></li>
<li><a href='faq.html'>faq</a></li>
<li class='divider'></li>
<li><a href='design.html'>design</a></li>
<li><a href='rpc.html'>rpc</a></li>
</ul></li> <!-- End Menu -->
<li class='dropdown'> <!-- Menu -->
<a class='dropdown-toggle' href='#' data-toggle='dropdown'>changelog<b class='caret'></b></a>
<ul class='dropdown-menu'>
<li><a href='releasecurrent.html'>current release</a></li>
<li><a href='releasehistory.html'>older releases</a></li>
</ul></li> <!-- End Menu -->
<li class='dropdown'> <!-- Menu -->
<a class='dropdown-toggle' href='#' data-toggle='dropdown'>links<b class='caret'></b></a>
<ul class='dropdown-menu'>
<li><a href='https://dev.gitblit.com'>dev.gitblit.com (self-hosted)</a></li>
<li class='divider'></li>
<li><a href='http://plugins.gitblit.com'>Plugins Registry</a></li>
<li class='divider'></li>
<li><a href='https://github.com/gitblit/gitblit'>Github</a></li>
<li><a href='https://github.com/gitblit/gitblit'>Issues</a></li>
<li><a href='http://groups.google.com/group/gitblit'>Discussion</a></li>
<li><a href='http://www.ohloh.net/p/gitblit'>Ohloh</a></li>
</ul></li> <!-- End Menu -->

						</ul>
					</div><!--/.nav-collapse -->
				</div>
			</div>
		</div><!-- end Navigation Bar -->
<div class='container'>
<!-- Begin Markdown -->
<h2 class="section" id='H1'><a href="#H1" class="sectionlink"><i class="icon-share-alt"> </i></a>Using the HTTP/HTTPS transport</h2>
<h3 class="section" id='H2'><a href="#H2" class="sectionlink"><i class="icon-share-alt"> </i></a>Https with Self-Signed Certificates</h3><p>You must tell Git/JGit not to verify the self-signed certificate in order to perform any remote Git operations.</p><p><strong>NOTE:</strong><br/>The default self-signed certificate generated by Gitblit GO is bound to <em>localhost</em>.<br/>If you are using Eclipse/EGit/JGit clients, you will have to generate your own certificate that specifies the exact hostname used in your clone/push url.<br/>You must do this because Eclipse/EGit/JGit (&lt; 3.0) always verifies certificate hostnames, regardless of the <em>http.sslVerify=false</em> client-side setting. </p>
<ul>
  <li><strong>Eclipse/EGit/JGit</strong>
  <ol>
    <li>Window-&gt;Preferences-&gt;Team-&gt;Git-&gt;Configuration</li>
    <li>Click the <em>New Entry</em> button</li>
    <li>
    <pre>Key = <em>http.sslVerify</em>
Value = <em>false</em></pre></li>
  </ol></li>
  <li><strong>Command-line Git</strong> (<a href="http://www.kernel.org/pub/software/scm/git/docs/git-config.html">Git-Config Manual Page</a>)<br/><pre>git config --global --bool --add http.sslVerify false</pre></li>
</ul><p><strong>NOTE:</strong><br/>When generating self-signed certificates, the default Java TLS settings will be used. These default settings will generate a weak Diffie-Hellman key.<br/><h4 class="section" id='H3'><a href="#H3" class="sectionlink"><i class="icon-share-alt"> </i></a>Java 8</h4><br/>The default is a 1024 bit DH key.<br/>You can up the number of bits used by appending the following command line parameter when starting Gitblit:<br/><pre>-Djdk.tls.ephemeralDHKeySize=2048</pre><br/>2048 bits is the maximum (Java limitation), and is still considered secure as of this writing.<br/><h4 class="section" id='H4'><a href="#H4" class="sectionlink"><i class="icon-share-alt"> </i></a>Java 7</h4><br/>The default is a 768 bit key. <b>This is hardcoded in Java 7 and cannot be changed.</b>. It is very weak. If you require longer DH keys, use Java 8.</p>
<h3 class="section" id='H5'><a href="#H5" class="sectionlink"><i class="icon-share-alt"> </i></a>Http Post Buffer Size</h3><p>You may find the default post buffer of your git client is too small to push large deltas to Gitblit. Sometimes this can be observed on your client as <em>hanging</em> during a push. Other times it can be observed by git erroring out with a message like: error: RPC failed; result=52, HTTP code = 0.</p><p>This can be adjusted on your client by changing the default post buffer size:<br/><pre>git config --global http.postBuffer 524288000</pre></p>
<h3 class="section" id='H6'><a href="#H6" class="sectionlink"><i class="icon-share-alt"> </i></a>Disabling SNI</h3><p>You may run into SNI alerts (Server Name Indication). These will manifest as failures to clone or push to your Gitblit instance.</p>
<h4 class="section" id='H7'><a href="#H7" class="sectionlink"><i class="icon-share-alt"> </i></a>Java-based Clients</h4><p>Luckily, Java 6-based clients ignore SNI alerts but when using Java 7-based clients, SNI checking is enabled by default. You can disable SNI alerts by specifying the JVM system parameter <code>-Djsse.enableSNIExtension=false</code> when your Java-based client launches.</p><p>For Eclipse, you can append <code>-Djsse.enableSNIExtension=false</code> to your <em>eclipse.ini</em> file.</p>
<h4 class="section" id='H8'><a href="#H8" class="sectionlink"><i class="icon-share-alt"> </i></a>Native Clients</h4><p>Native clients may display an error when attempting to clone or push that looks like this:</p><p><pre>C:\projects\git\gitblit&gt;git push rhcloud master
error: error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) while accessing https://demo-gitblit.rhcloud.com/git/gitblit.git/info/refs?service=git-receive-pack
fatal: HTTP request failed
</pre>
<!-- End Markdown -->
<div ><ul class="pager"> <li class="next"><a href="setup_transport_ssh.html">using SSH &rarr;</a></li></ul></div><footer class="footer"><p class="pull-right">generated 2016-06-22</p>
<p>The content of this page is licensed under the <a href="http://creativecommons.org/licenses/by/3.0">Creative Commons Attribution 3.0 License</a>.</p>
</footer>
</div>
</body>
</html>